security alert spyware/virus [CLOSED]



#1
danny251

Logfile of HijackThis v1.99.1
Scan saved at 19:44:30, on 22/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Danny\LOCALS~1\Temp\Temporary Directory 1 for hijackthis-1.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MyBAMF_For_Myspace] "C:\Program Files\MyBAMF\MyBAMF.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm594YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: explorer - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I get security alerts and it tells me to download crap.
Could anyone take a look at this and tell me what and how to remove it?

thanks


#2
Maiestas

Delete your current version of hijackthis.exe and follow the instructions below:

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Edited by Maiestas, 22 August 2006 - 05:04 PM.


#3
danny251

Thanks, here is the log

Logfile of HijackThis v1.99.1
Scan saved at 15:58:15, on 23/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MyBAMF_For_Myspace] "C:\Program Files\MyBAMF\MyBAMF.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm594YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: explorer - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#4
Maiestas

Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right-click the Panda ActiveScan link and select "Copy Shortcut", then right-click on your desktop and select "Paste Shortcut"; in Firefox, right-click the link, select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm594YYGB

===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

Edited by Maiestas, 23 August 2006 - 09:56 AM.
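
One way to check that a "fix checked" step like the one above took effect is to diff the HijackThis entries of the log taken before the fix against the log taken after it. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample input is a trimmed set of lines copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# HijackThis entry lines look like "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The log itself marks entries whose target no longer exists on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


class Entry(NamedTuple):
    code: str             # section code such as "O2" or "O21"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the body, upper-cased, if any
    missing: bool         # True when the log says the target file is absent

    @property
    def key(self) -> Tuple[str, str]:
        # Comparison key: case- and whitespace-insensitive.
        return (self.code, " ".join(self.body.split()).casefold())


def parse_log(text: str) -> List[Entry]:
    """Return the registry/startup entries of a HijackThis log, skipping
    the header and the 'Running processes' path list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("code"), body,
                             clsid.group(0).upper() if clsid else None,
                             bool(MISSING_RE.search(body))))
    return entries


def diff_logs(before: List[Entry], after: List[Entry]):
    """Return (removed, added) entries between two parsed logs."""
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    removed = [e for e in before if e.key not in after_keys]
    added = [e for e in after if e.key not in before_keys]
    return removed, added


def still_present(fix_lines: List[str], after: List[Entry]) -> List[Entry]:
    """Entries the helper asked to fix that still show up in the later log."""
    after_keys = {e.key for e in after}
    return [e for e in parse_log("\n".join(fix_lines)) if e.key in after_keys]


# Sample input: lines copied from the logs in this thread (trimmed).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:58:15, on 23/08/2006
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm594YYGB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:24:39, on 23/08/2006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# The two entries the post above asks to check before clicking FIX CHECKED.
FIX_REQUESTED = [
    r"O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll",
    r"O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm594YYGB",
]

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    removed, added = diff_logs(before, after)
    for e in removed:
        print("removed:", e.code, e.body)
    for e in added:
        print("added:  ", e.code, e.body)
    print("fix items still present:", still_present(FIX_REQUESTED, after))
```

Entries that disappear without being on the fix list (here the IntCodec toolbar and the bestreak SSODL value) were removed by one of the other tools in the procedure, so the diff also shows what those tools changed.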


#5
danny251

Panda Scan

Incident Status Location

Adware:adware/block-checker Not disinfected c:\windows\system32\ustart.exe
Adware:adware/look2me Not disinfected Windows Registry
Adware:adware/prositefinder Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][2].txt


New Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 20:24:39, on 23/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: explorer - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


smitfiles.txt


smitRem © log file
version 3.1

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 23/08/2006
The current time is: 17:24:17.10

Running from
C:\Documents and Settings\Danny\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

IntCodec


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 856 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!



Ewido Log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:50:55 23/08/2006

+ Scan result:



C:\Program Files\CasinoOnNet\Casino.exe -> Adware.Casino : Cleaned.
C:\Documents and Settings\Danny\Desktop\Craagle.exe -> Adware.Craagle : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Ignored.
C:\Documents and Settings\David\Local Settings\Temp\tmpB.tmp -> Not-A-Virus.Hoax.Win32.Renos.dp : Cleaned.
C:\WINDOWS\KK\winlogon.dll -> Not-A-Virus.Monitor.Win32.KGBSpy.34 : Cleaned.
C:\WINDOWS\system32\afiqodee.dll -> Not-A-Virus.Monitor.Win32.PCAcme.61 : Cleaned.
C:\WINDOWS\system32\uimonawd.sys -> Not-A-Virus.Monitor.Win32.PCAcme.61 : Cleaned.
:mozilla.8:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Gillian\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.207:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.208:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.209:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.210:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.220:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.116:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.134:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.135:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.536:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\nkwi5j9a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.450:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.451:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.542:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\nkwi5j9a.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.543:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\nkwi5j9a.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.338:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\h2p6nag1.Danny\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.343:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\nkwi5j9a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.350:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\nkwi5j9a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.136:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.137:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.150:C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\lxitzron.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Danny�
  • 0

#6
Maiestas

    eh...

  • Retired Staff
  • 1,481 posts
Is there a reason why you ignored this item?
C:\Documents and Settings\Danny\Desktop\Craagle.exe -> Adware.Craagle : Ignored.

Also, your Active Scan report looks cut off... try posting the whole log again.

=======================


Make sure your system files and folders are unhidden.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading SELECT Show hidden files and folders.
Click Yes to confirm.
Click OK.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O20 - Winlogon Notify: explorer - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

Now close all windows and browsers other than HiJackThis, then click Fix Checked.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete the file using Windows Explorer (if present):

c:\windows\system32\ustart.exe

Reboot

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Then, post a new hijackthis log.

Edited by Maiestas, 23 August 2006 - 02:09 PM.

  • 0

#7
danny251

    Member

  • Topic Starter
  • 52 posts
New scan

Logfile of HijackThis v1.99.1
Scan saved at 21:20:41, on 23/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

thanks
  • 0
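A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the function names and the wording of the review notes are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# An entry line is "<section code> - <details>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Section meanings for the codes that occur in the sample.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

def parse_log(text):
    """Return one dict per HijackThis entry line, in log order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries

def review_notes(entry):
    """Hypothetical review heuristics: reasons a helper would look at this entry."""
    code, body = entry["code"], entry["body"]
    notes = []
    if body.endswith("(no file)"):
        notes.append("registry entry points at no file (leftover)")
    if body.endswith("(file missing)"):
        notes.append("target file is not on disk (leftover)")
    if code == "O4" and body.endswith("= ?"):
        notes.append("shortcut target could not be resolved")
    if code == "O20" and body.startswith("Winlogon Notify:"):
        notes.append("DLL loads inside winlogon.exe at logon: verify its origin")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("service binary reports no vendor name")
    return notes

def triage(text):
    """Return (code, clsid, notes) for every entry that has at least one note."""
    flagged = [(e["code"], e["clsid"], review_notes(e)) for e in parse_log(text)]
    return [item for item in flagged if item[2]]

if __name__ == "__main__":
    for code, clsid, notes in triage(SAMPLE_LOG):
        print(code, clsid or "-", "; ".join(notes))
```

A note here means "look at this entry", not "this entry is malicious": the WgaLogon and RichVideo lines are flagged only because of where they load and what the log reports about them.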

#8
Maiestas

    eh...

  • Retired Staff
  • 1,481 posts

Is there a reason why you ignored this item?
C:\Documents and Settings\Danny\Desktop\Craagle.exe -> Adware.Craagle : Ignored.

Also, your Active Scan report looks cut off... try posting the whole log again.


  • 0

#9
danny251

    Member

  • Topic Starter
  • 52 posts
Sorry,
It's a program I don't want to get rid of as I don't believe it has spyware in it. It hasn't shown up in the adaware and spybot search and destroy scans.

The panda scan again


| Incident | Status | Location |
| --- | --- | --- |
| Adware:adware/prositefinder | Not disinfected | Windows Registry |
| Potentially unwanted tool:application/mywebsearch | Not disinfected | hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239} |
| Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt |
| Spyware:Cookie/Toplist | Not disinfected | C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt |
| Spyware:Cookie/Xiti | Not disinfected | C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][1].txt |
| Spyware:Cookie/Xmts | Not disinfected | C:\Documents and Settings\Anne Marie\Cookies\anne [email protected][2].txt |
  • 0

#10
Maiestas

    eh...

  • Retired Staff
  • 1,481 posts
Actually it is ‘spyware’. Ad-ware and Spybot do NOT detect every single threat. That’s why we have you run other scans to see what else may be hiding in your system. If you wish to keep it, that’s fine - it is up to you.

================

Updating Java and Clearing Cache
  • Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

Reboot and post a new hijackthis log.
  • 0

#11
Maiestas

    eh...

  • Retired Staff
  • 1,481 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





